Results 1 to 2 of 2

Thread: Senao packet injection works but aireplay don't

  1. #1
    Just burned his ISO
    Join Date
    Feb 2008

    Default Senao packet injection works but aireplay don't

    Hey everyone.

    I'm in a bit of a bind...It's been a week since I burned my iso for bt3b and I have come across one headache after another.

    I have managed to work my way through them by searching through this forum mostly, so well done everyone for sharing information so freely. Us noobs really appreciate it.

    OK, enough buttering up.

    Here's the deal. I have a Senao sl-2511 cd plus ext wifi card. O-Ooh. Yep!
    I cannot crack my wep key no matter how hard I try.

    I follow xploitz most excellent tutorial for cracking wep, but no joy.

    My senao injects fine, but I never get any ARP's or ACK's

    At first I couldn't connect to the net, but you guys here showed me how to do the

    rmmod orinoco_cs
    rmmod orinoco
    rmmod hermes

    to remove the wrong drivers and

    modprobe hostap_cs

    That's all cool, then I'll

    ifconfig wlan0 down
    iwconfig wlan0 mode managed
    ifconfig wlan0 up

    And I get internet. Sweet.

    Then I installed to my harddrive, dual boot XP/backtrack

    I then updated the kernel just yesterday. I patched the hostap drivers as suggested on the site, and boom, i can inject with my senao where previously i couldn't. I also blacklisted the orinoco drivers as suggested elsewhere.

    I'm telling you all this so that you can see that the card works, injection works, airodump sees the AP, and I can associate with it.

    I just can't seem to receive any ARPs of ACKs and I'm convinced that this is the only thing standing in my way for cracking my WEP.

    To start with I fire up my card with

    airmon-ng start wlan0

    and it comes back with wlan0 hostap monitor mode enabled

    I then

    airodump-ng -c 6 -w dumpfile wlan0

    OK, so far so good. IV's increase very very slowly, about 2 per minute.

    I run

    aireplay-ng -1 0 -a <AP MAC> -h <MY WNIC MAC> -e <NETWORK NAME> wlan0

    I associate with the AP straight away

    I run

    aireplay-ng -3 -b <AP MAC> -h <MY WNIC MAC> -e <NETWORK NAME> wlan0

    and i get one of two things happen.

    first time i do it, i get 0 arps 0 acks and it never changes

    if i ^Z out of it and try again it says
    device /rtc (or something) busy
    and then says to start airodump to capture replies and then nothing else.

    In xploitz tutorial, i see the arps and acks shoot through the roof, but mine go nowhere. What could be the problem???

    You may be interested to know that wireshark shows malformed packets right after a deauth packet.

    the aireplay -4 attack shows that after sending a packet, it receives a deauath packet if i'm not associated (though that's normal isn't it)

    aireplay -9 wlan0 shows injection works very well, mostly around 70%

    I am using 1.7.4 senao firmware and 0.9.4 aircrack downloaded yesterday
    and that's about it.

    Please help. Am i really stupid? Probably, but I try hard.


  2. #2
    Junior Member
    Join Date
    Jan 2010


    I suggest you use BackTrack 2.0 final. I have the same card as you and it works flawlessly in BT2, just like you see in those videos. It may be a lot of work, but I'd install BT2, upgrade the aircrack-ng suite, download the latest and install aircrack-ptw for very fast WEP cracking.

    None of us have had much luck getting this card to inject / detect arps in BT3b. Your time is probably much better spent reverting back to BT2 and upgrading the crap out of it.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts